My computer's MBR may have been changed by a virus. I don't want to reboot under Windows until I verify that the MBR is OK. I know some Windows tools I could use to read the MBR and save the output to a file for review, but I want something I can run from Puppy (Lucid-5.2.5). Can anyone recommend a Linux tool and create a PET that allows me to do the same?

I could just invoke ms-sys to write a new MBR but I need to know what is there.

B.K. Johnson, if all you really want to know is whether the MBR was compromised, maybe this would work: make a file of the existing MBR using rcrsn51's program, reinstall the MBR using Windows, then run rcrsn51's program again and compare the resulting file with the first file. That would show the difference between the two MBRs. If there is no difference, or only a few bits here and there, it seems unlikely that your MBR was compromised. Although I've read that malware written in machine language can be as small as only a few bytes.

_________________
Puppy Help 101 - an interactive tutorial for Lupu 5.25

Sorry I wasn't around earlier to explain myself, but as Flash pointed out, if it was a piece of malware written in machine code/assembly language, it would be nearly impossible to detect without having an original MBR to compare it to.

Quote:

It has been said that machine code is so unreadable that the Copyright Office cannot even identify whether a particular encoded program is an original work of authorship.

1. "What do you want to know about it?"
See the MBR code/contents displayed in this post by Paul Komski.
If someone were to be able to copy his MBR at 2 points in time...
[Before and after possible infection?]
And then display them both...
They might be able to detect changes in the code.
I'd like to explore a method of doing that, if it isn't too difficult.
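
The comparison discussed in this thread (save the MBR at two points in time, then see what changed), written out as an added example; it is not code from any poster or from rcrsn51's program. It assumes the standard 512-byte MBR layout, Python 3, and dumps saved as plain files; the function names are hypothetical and the sample sector is constructed.

```python
import struct

# Standard MBR layout as (region name, first offset, last offset).
REGIONS = [("bootstrap code", 0, 439), ("disk signature", 440, 443), ("reserved", 444, 445)]
REGIONS += [(f"partition entry {i + 1}", 446 + 16 * i, 461 + 16 * i) for i in range(4)]
REGIONS.append(("boot signature", 510, 511))

def read_mbr(path):
    """Read sector 0 from a saved dump file or a raw disk device (the latter needs root)."""
    with open(path, "rb") as f:
        data = f.read(512)
    if len(data) != 512:
        raise ValueError(f"{path}: expected 512 bytes, got {len(data)}")
    return data

def partitions(mbr):
    """Decode the four 16-byte entries as (bootable, type, start LBA, sector count)."""
    out = []
    for i in range(4):
        e = mbr[446 + 16 * i:462 + 16 * i]
        lba, count = struct.unpack_from("<II", e, 8)
        out.append((e[0] == 0x80, e[4], lba, count))
    return out

def diff_regions(before, after):
    """Map region name -> [(offset, old byte, new byte)] for every byte that changed."""
    changes = {}
    for name, lo, hi in REGIONS:
        hits = [(o, before[o], after[o]) for o in range(lo, hi + 1) if before[o] != after[o]]
        if hits:
            changes[name] = hits
    return changes

def sample_mbr():
    """Constructed sector for the demo: one bootable type-0x07 partition at LBA 2048."""
    mbr = bytearray(512)
    mbr[0:2] = b"\xeb\x3c"
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    before = sample_mbr()
    after = bytearray(before)
    after[0x10:0x13] = b"\x90\x90\x90"  # constructed change inside the bootstrap code
    for name, hits in diff_regions(before, bytes(after)).items():
        print(f"{name}: {len(hits)} byte(s) changed")
        for off, old, new in hits:
            print(f"  0x{off:03x}: {old:02x} -> {new:02x}")
```

With real dumps, replace `sample_mbr()` with `read_mbr()` on each saved file; grouping the differences by region shows whether a change touched the boot code, the disk signature or the partition table.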
